<?php
ob_start();
session_start();
include 'database.php';

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 



// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($dbcon, $myusername);
$mypassword = mysqli_real_escape_string($dbcon, $mypassword);

$sql="INSERT INTO members (Id, username, password, niveau_id) VALUES ('NULL', '".$myusername."', '".$mypassword."', '1')";
$result=mysqli_query($dbcon, $sql) or die(" FOUT ");


$sql3="SELECT id FROM members ORDER BY id DESC LIMIT 1";
$res3=mysqli_query($dbcon, $sql3) or die("Fout");

$lastid;

while($row = mysqli_fetch_array($res3, MYSQLI_ASSOC)){
	$lastid = $row['id'];	
}

// Rest van de INfo
$naam=$_POST['naam']; 
$straat=$_POST['straat']; 
$huisnr=$_POST['huisnr'];
$postcode=$_POST['postcode'];

//Protect

$naam = stripslashes($naam);
$straat = stripslashes($straat);
$huisnr = stripslashes($huisnr);
$postcode = stripslashes($postcode);
$naam = mysqli_real_escape_string($dbcon, $naam);
$straat = mysqli_real_escape_string($dbcon, $straat);
$huisnr = mysqli_real_escape_string($dbcon, $huisnr);
$postcode = mysqli_real_escape_string($dbcon, $postcode);


$sql2="INSERT INTO gegevens (klantid, naam, straat, huisnr, postcode, username) VALUES ('".$lastid."', '".$naam."', '".$straat."', '".$huisnr."', '".$postcode."', '".$myusername."')";
$result2=mysqli_query($dbcon, $sql2) or die(" GEGEVENS FOUT");

if($result && $result2){

	$_SESSION['myusername'] = $myusername;
	$_SESSION['mypassword'] = $mypassword;
	
	$sqlid = "SELECT * FROM members WHERE username='".$_SESSION['myusername']."' ";	
	$_SESSION['member_id'] = mysqli_query($dbcon, $sqlid) or die('poeo');	
	$_SESSION['members'] = mysqli_fetch_assoc($_SESSION['member_id']);
	
	$sqlid2 = "SELECT * FROM gegevens WHERE klantid='".$_SESSION['members']['id']."' ";	
	$_SESSION['klant'] = mysqli_query($dbcon, $sqlid2) or die('poeo');	
	$_SESSION['klantgev'] = mysqli_fetch_assoc($_SESSION['klant']);
	

	header('Location: registreer_success.php');	
	
	}
else{
	echo "Fout";
	}





ob_end_flush();
?>

